Short Summary
A third malicious campaign has been detected within a month, aimed at spreading the Vidar malware through compromised PEC emails sent to other PEC addresses. This wave of attacks features fraudulent communications urging payment of an alleged overdue invoice, threatening legal consequences for non-compliance.
Keypoints
- Third campaign targeting Vidar malware detected in one month.
- Fraudulent emails solicit payment for a supposed unpaid invoice.
- Emails contain links that download malicious JavaScript files.
- Over 12,000 malicious email addresses have been blocked by PEC managers.
- IoCs related to the campaign have been shared through CERT-AgID’s IoC Feed.
- Recipients are advised to be cautious with suspicious PEC communications.
MITRE ATT&CK TTPs – created by AI
- Malware: Vidar
- Technique: Phishing (Spear Phishing Link) – T1566.002
  - Fraudulent emails contain links to download malicious files.
- Technique: User Execution – T1203
  - Malicious JavaScript file is executed when the link is clicked.
Full Article Translation
03/09/2024
A third malicious campaign aimed at spreading the Vidar malware through compromised PEC accounts sending to other PEC addresses has been detected within a month. This new wave of attacks is characterized by fraudulent communications that urge payment of a supposed overdue invoice and threaten legal consequences in case of non-compliance.
The email invites the recipient to view a note via a link contained in the message; the link actually initiates the download of a malicious JavaScript file. That file then triggers the download chain of additional scripts, as observed in the earlier campaigns.
Countermeasures
Countermeasures have already been implemented with the support of the PEC managers, who have blocked over 12,000 addresses involved in sending the malicious emails. The IoCs related to the campaign have been disseminated through the CERT-AgID IoC Feed to PEC managers and accredited structures.
Recipients are advised to pay close attention to communications received via PEC, especially when they contain suspicious links. If in doubt, suspicious emails can be forwarded to the address malware@cert-agid.gov.it.
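The two defensive checks the advisory implies, matching links found in a PEC message against an IoC feed and flagging links that download a script file directly, as an added example that is not part of the original post. The feed domains, the sender and recipient addresses and the sample message are all constructed placeholders, not values from the CERT-AgID feed.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed IoC feed entries (placeholders, not the real CERT-AgID feed values).
IOC_DOMAINS = {"invoice-note.example", "pec-docs.example"}

# Extensions typical of the first-stage script described in the advisory.
SCRIPT_EXTENSIONS = (".js", ".jse", ".wsf", ".vbs")

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Constructed sample PEC message mimicking the overdue-invoice lure.
SAMPLE_EML = """\
From: amministrazione@pec-sender.example
To: ufficio@pec-recipient.example
Subject: Fattura scaduta - sollecito di pagamento
Content-Type: text/plain; charset="utf-8"

Gentile cliente, la fattura risulta insoluta.
Consulti la nota al seguente link: https://invoice-note.example/nota/fattura_2024.js
In mancanza di pagamento procederemo per vie legali.
"""


def extract_urls(raw_message: str) -> list:
    """Return every http(s) URL found in the text parts of an RFC 822 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    urls = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            urls.extend(URL_RE.findall(part.get_content()))
    return urls


def triage_urls(urls: list, ioc_domains: set) -> list:
    """Flag URLs whose host is on the IoC feed or whose path is a direct script download."""
    findings = []
    for url in urls:
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        reasons = []
        if host in ioc_domains:
            reasons.append("host in IoC feed")
        if parsed.path.lower().endswith(SCRIPT_EXTENSIONS):
            reasons.append("direct script download")
        if reasons:
            findings.append({"url": url, "reasons": reasons})
    return findings


def triage_message(raw_message: str, ioc_domains: set = IOC_DOMAINS) -> list:
    """Parse one message and return the flagged links with the reason for each."""
    return triage_urls(extract_urls(raw_message), ioc_domains)
```

A link that matches the feed and one that merely ends in a script extension are reported separately, so a feed miss still surfaces the download pattern the campaign relies on.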
Indicators of Compromise
To make the details of today’s campaign public, the detected IoCs are reported below:
Link: Download IoC
Source: Original Post